autonomous-lucid
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted 'Research findings' from external sources (Phase 1) and uses them to generate code for 10 agents. Evidence: 1. Ingestion in Phase 1; 2. No boundary markers or 'ignore' instructions listed; 3. Capabilities include full command execution and deployment; 4. No sanitization logic described.
- [COMMAND_EXECUTION] (HIGH): The workflow executes bun, git, and deployment tools (Phases 4, 6, and 7), providing a powerful environment for potential exploits.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill follows a pattern of generating code and then building/executing it (Phase 4), allowing injected content to achieve RCE.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Dependency management via Bun involves downloading external packages during the build process.
Recommendations
- AI detected serious security threats
Audit Metadata